Lots of new software systems are being deployed. Moreover, several countries are moving to e-Government. In the US, for example, Internet Voting for absentee voting for military and overseas voters will likely be developed. The 2002 Help America Vote Act in essence mandates NIST to propose such a system. A question is whether these e-Government systems are secure. In this lecture we focus on Internet Voting.

The lecture starts by analyzing a state of the art voting system, Helios 2.0. Helios 2.0 is a web-based open-audit voting system using state of the art web technologies and advanced cryptographic techniques to provide integrity of ballots and voter secrecy in an insecure Internet environment. As we show, the cryptographic techniques used in Helios 2.0 can easily be bypassed by exploiting well known web browser vulnerabilities.

We reflect back on the 30 years research on e-voting by the cryptographic community and conclude that only recently researchers have started to take into account the fact that the machine used to vote may be hacked. A first solution to this problem was presented by Chaum. We analyze the weaknesses of his approach. We then propose new solutions that avoid the shortcomings of Chaum’s solution.

One of the new solutions requires the use of unconditionally secure MIX servers. To achieve this, we need secure multiparty computation over a non-Abelian group. We explain how to achieve this in an “efficient” way when the adversary is passive.

Bio:Yvo Desmedt received his Ph.D., Summa cum Laude, in 1984 from the University of Leuven, Belgium. At present, he is the Chair of Information Communication Technology at University College London, UK. He is a Fellow of the International Association for Cryptologic Research (IACR). His interests include cryptography, network security and computer security. He was program chair of several conferences and workshops, including PKC and Crypto. He is editor-in-chief of IET Information Security and editor of 4 other journals. He was an invited speaker at conferences and workshop in 5 continents. He has authored over 150 refereed papers. He is ranked 4th (out of 1922) most productive researcher at the three main research conferences in Cryptology.